Date: Monday, June 5, 2017 @ 20:41:33 Author: foxxx0 Revision: 234422
archrelease: copy trunk to community-i686, community-x86_64 Added: opendmarc/repos/community-i686/PKGBUILD (from rev 234421, opendmarc/trunk/PKGBUILD) opendmarc/repos/community-i686/opendmarc.conf (from rev 234421, opendmarc/trunk/opendmarc.conf) opendmarc/repos/community-i686/opendmarc.install (from rev 234421, opendmarc/trunk/opendmarc.install) opendmarc/repos/community-i686/opendmarc.service (from rev 234421, opendmarc/trunk/opendmarc.service) opendmarc/repos/community-x86_64/PKGBUILD (from rev 234421, opendmarc/trunk/PKGBUILD) opendmarc/repos/community-x86_64/opendmarc.conf (from rev 234421, opendmarc/trunk/opendmarc.conf) opendmarc/repos/community-x86_64/opendmarc.install (from rev 234421, opendmarc/trunk/opendmarc.install) opendmarc/repos/community-x86_64/opendmarc.service (from rev 234421, opendmarc/trunk/opendmarc.service) Deleted: opendmarc/repos/community-i686/PKGBUILD opendmarc/repos/community-i686/opendmarc.install opendmarc/repos/community-i686/opendmarc.service opendmarc/repos/community-x86_64/PKGBUILD opendmarc/repos/community-x86_64/opendmarc.install opendmarc/repos/community-x86_64/opendmarc.service ------------------------------------+ /PKGBUILD | 118 +++++++++++ /opendmarc.install | 16 + /opendmarc.service | 26 ++ community-i686/PKGBUILD | 54 ----- community-i686/opendmarc.conf | 370 +++++++++++++++++++++++++++++++++++ community-i686/opendmarc.install | 24 -- community-i686/opendmarc.service | 11 - community-x86_64/PKGBUILD | 54 ----- community-x86_64/opendmarc.conf | 370 +++++++++++++++++++++++++++++++++++ community-x86_64/opendmarc.install | 24 -- community-x86_64/opendmarc.service | 11 - 11 files changed, 900 insertions(+), 178 deletions(-) Deleted: community-i686/PKGBUILD =================================================================== --- community-i686/PKGBUILD 2017-06-05 20:40:02 UTC (rev 234421) +++ community-i686/PKGBUILD 2017-06-05 20:41:33 UTC (rev 234422) @@ -1,54 +0,0 @@ -# $Id$ -# Maintainer: Sergej Pupykin <arch+...@sergej.pp.ru> -# Orginal Maintainer: Arthur Țițeică arthur.titeica/gmail/com -# Current Maintainer: Hao Zhang <theivorytower [at] gmail [dot] com> - -pkgname=opendmarc -pkgver=1.3.2 -pkgrel=1 -pkgdesc="Free open source software implementation of the DMARC specification" -arch=('i686' 'x86_64') -url="http://www.trusteddomain.org/opendmarc/" -license=('custom') -depends=('smtp-server') -makedepends=('libmilter') -optdepends=('opendbx: acts as a middleware layer between OpenDMARC and a SQL backend of choice' - 'python: run opendmarc scripts at /usr/share/doc/opendmarc' - 'perl: run opendmarc scripts at /usr/share/doc/opendmarc' - 'perl-switch: generate DMARC reports' - 'perl-dbd-mysql: generate DMARC reports' - 'perl-libwww: generate DMARC reports') -install=$pkgname.install -backup=(etc/opendmarc/opendmarc.conf) -source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname-$pkgver.tar.gz #{,.asc} - opendmarc.service) -sha256sums=('213c4b01a9ff5dcdf331f7bd1dd6a382077abbf8ee9111852f2101ec917c2ffb' - 'dc16a2bb66df7473a0288fc0c33db731922ff2ea9fdcd59d86da8dc908ca4a14') - -build() { - export LDFLAGS="${LDFLAGS//,--as-needed}" - cd "$srcdir/$pkgname-$pkgver" - ./configure --prefix=/usr \ - --bindir=/usr/bin \ - --sbindir=/usr/bin \ - --sysconfdir=/etc/$pkgname \ - --with-spf - make -} - -check() { - cd "$srcdir/$pkgname-$pkgver" - make -k check -} - -package() { - cd "$srcdir/$pkgname-$pkgver" - make DESTDIR="$pkgdir/" install - # sample config - install -D -m644 "$srcdir"/$pkgname-$pkgver/$pkgname/opendmarc.conf.sample "$pkgdir"/etc/$pkgname/opendmarc.conf.sample - # License - install -D -m644 "$srcdir"/$pkgname-$pkgver/LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE - rm "$pkgdir"/usr/share/doc/$pkgname/LICENSE - # systemd service - install -D -m644 "$srcdir/$pkgname.service" "${pkgdir}/usr/lib/systemd/system/$pkgname.service" -} Copied: opendmarc/repos/community-i686/PKGBUILD (from rev 234421, opendmarc/trunk/PKGBUILD) =================================================================== --- community-i686/PKGBUILD (rev 0) +++ community-i686/PKGBUILD 2017-06-05 20:41:33 UTC (rev 234422) @@ -0,0 +1,59 @@ +# Maintainer: Thore Bödecker <fox...@archlinux.org> +# Contributor: Sergej Pupykin <arch+...@sergej.pp.ru> +# Contributor: Arthur Țițeică arthur.titeica/gmail/com +# Contributor: Hao Zhang <theivorytower [at] gmail [dot] com> + +pkgname=opendmarc +pkgver=1.3.2 +pkgrel=2 +pkgdesc="Free open source software implementation of the DMARC specification" +arch=('i686' 'x86_64') +url="http://www.trusteddomain.org/opendmarc/" +license=('custom') +depends=('smtp-server' 'libspf2' 'libbsd' 'libidn') +makedepends=('libmilter') +optdepends=('opendbx: acts as a middleware layer between OpenDMARC and a SQL backend of choice' + 'python: run opendmarc scripts at /usr/share/doc/opendmarc' + 'perl: run opendmarc scripts at /usr/share/doc/opendmarc' + 'perl-switch: generate DMARC reports' + 'perl-dbd-mysql: generate DMARC reports' + 'perl-libwww: generate DMARC reports') +install=${pkgname}.install +backup=('etc/opendmarc/opendmarc.conf') +# unfortunately the gpg key used for signing (2D55C45B89CFFD42) is not public +source=("https://downloads.sourceforge.net/project/${pkgname}/${pkgname}-${pkgver}.tar.gz" #{,.asc} + 'opendmarc.service' + 'opendmarc.conf') +sha512sums=('6045fb7d2be8f0ffdeca07324857d92908a41c6792749017c2fcc1058f05f55317b1919c67c780827dd7094ec8fff2e1fa4aeb5bab7ff7461537957af2652748' + '738de0cd286dd30713f32034f9ecf9009b6f64038c573c9f8aedaf10df8293bb9eec9d19492a03a2ebf2d2960289bdf48be9b1eb25395dbe9a490f7e3b25cb34' + 'a55540cca6f968072ce8ddb9e53ce226300f2bbf730e7affe775a3ea96fad2cf438c88bc9f96c0de352dfb217eb82e7b4fc1ab05666ac6fd063b434cd335bc54') + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + export LDFLAGS="${LDFLAGS//,--as-needed}" + ./configure --prefix=/usr \ + --bindir=/usr/bin \ + --sbindir=/usr/bin \ + --sysconfdir="/etc/${pkgname}" \ + --with-spf \ + --with-spf2-include=/usr/include/spf2 \ + --with-spf2-lib=/usr/lib/ + make +} + +check() { + cd "${srcdir}/${pkgname}-${pkgver}" + make -k check +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}/" install + # config + install -D -m644 "${srcdir}/opendmarc.conf" "${pkgdir}/etc/${pkgname}/opendmarc.conf" + # License + install -D -m644 "${srcdir}/${pkgname}-${pkgver}/LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" + rm "${pkgdir}/usr/share/doc/${pkgname}/LICENSE" + # systemd service + install -D -m644 "${srcdir}/${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service" +} Copied: opendmarc/repos/community-i686/opendmarc.conf (from rev 234421, opendmarc/trunk/opendmarc.conf) =================================================================== --- community-i686/opendmarc.conf (rev 0) +++ community-i686/opendmarc.conf 2017-06-05 20:41:33 UTC (rev 234422) @@ -0,0 +1,370 @@ +## opendmarc.conf -- configuration file for OpenDMARC filter +## +## Copyright (c) 2012-2015, The Trusted Domain Project. All rights reserved. + +## DEPRECATED CONFIGURATION OPTIONS +## +## The following configuration options are no longer valid. They should be +## removed from your existing configuration file to prevent potential issues. +## Failure to do so may result in opendmarc being unable to start. +## +## Renamed in 1.3.0: +## ForensicReports became FailureReports +## ForensicReportsBcc became FailureReportsBcc +## ForensicReportsOnNone became FailureReportsOnNone +## ForensicReportsSentBy became FailureReportsSentBy + +## CONFIGURATION OPTIONS + +## AuthservID (string) +## defaults to MTA name +## +## Sets the "authserv-id" to use when generating the Authentication-Results: +## header field after verifying a message. If the string "HOSTNAME" is +## provided, the name of the host running the filter (as returned by the +## gethostname(3) function) will be used. +# +# AuthservID name +AuthservID HOSTNAME + +## AuthservIDWithJobID { true | false } +## default "false" +## +## If "true", requests that the authserv-id portion of the added +## Authentication-Results header fields contain the job ID of the message +## being evaluated. +# +# AuthservIDWithJobID false + +## AutoRestart { true | false } +## default "false" +## +## Automatically re-start on failures. Use with caution; if the filter fails +## instantly after it starts, this can cause a tight fork(2) loop. +# +# AutoRestart false + +## AutoRestartCount n +## default 0 +## +## Sets the maximum automatic restart count. After this number of automatic +## restarts, the filter will give up and terminate. A value of 0 implies no +## limit. +# +# AutoRestartCount 0 + +## AutoRestartRate n/t[u] +## default (no limit) +## +## Sets the maximum automatic restart rate. If the filter begins restarting +## faster than the rate defined here, it will give up and terminate. This +## is a string of the form n/t[u] where n is an integer limiting the count +## of restarts in the given interval and t[u] defines the time interval +## through which the rate is calculated; t is an integer and u defines the +## units thus represented ("s" or "S" for seconds, the default; "m" or "M" +## for minutes; "h" or "H" for hours; "d" or "D" for days). For example, a +## value of "10/1h" limits the restarts to 10 in one hour. There is no +## default, meaning restart rate is not limited. +# +# AutoRestartRate n/t[u] + +## Background { true | false } +## default "true" +## +## Causes opendmarc to fork and exits immediately, leaving the service +## running in the background. +# +# Background true + +## BaseDirectory (string) +## default (none) +## +## If set, instructs the filter to change to the specified directory using +## chdir(2) before doing anything else. This means any files referenced +## elsewhere in the configuration file can be specified relative to this +## directory. It's also useful for arranging that any crash dumps will be +## saved to a specific location. +# +# BaseDirectory /var/run/opendmarc + +## ChangeRootDirectory (string) +## default (none) +## +## Requests that the operating system change the effective root directory of +## the process to the one specified here prior to beginning execution. +## chroot(2) requires superuser access. A warning will be generated if +## UserID is not also set. +# +# ChangeRootDirectory /var/chroot/opendmarc + +## CopyFailuresTo (string) +## default (none) +## +## Requests addition of the specified email address to the envelope of +## any message that fails the DMARC evaluation. +# +# CopyFailuresTo postmaster@localhost + +## DNSTimeout (integer) +## default 5 +## +## Sets the DNS timeout in seconds. A value of 0 causes an infinite wait. +## (NOT YET IMPLEMENTED) +# +# DNSTimeout 5 + +## EnableCoredumps { true | false } +## default "false" +## +## On systems that have such support, make an explicit request to the kernel +## to dump cores when the filter crashes for some reason. Some modern UNIX +## systems suppress core dumps during crashes for security reasons if the +## user ID has changed during the lifetime of the process. Currently only +## supported on Linux. +# +# EnableCoreDumps false + +## FailureReports { true | false } +## default "false" +## +## Enables generation of failure reports when the DMARC test fails and the +## purported sender of the message has requested such reports. Reports are +## formatted per RFC6591. +# +# FailureReports false + +## FailureReportsBcc (string) +## default (none) +## +## When failure reports are enabled and one is to be generated, always +## send one to the address(es) specified here. If a failure report is +## requested by the domain owner, the address(es) are added in a Bcc: field. +## If no request is made, they address(es) are used in a To: field. There +## is no default. +# +# FailureReportsBcc postmas...@example.coom + +## FailureReportsOnNone { true | false } +## default "false" +## +## Supplements the "FailureReports" setting by generating reports for +## domains that advertise "none" policies. By default, reports are only +## generated (when enabled) for sending domains advertising a "quarantine" +## or "reject" policy. +# +# FailureReportsOnNone false + +## FailureReportsSentBy string +## default "USER@HOSTNAME" +## +## Specifies the email address to use in the From: field of failure +## reports generated by the filter. The default is to use the userid of +## the user running the filter and the local hostname to construct an +## email address. "postmaster" is used in place of the userid if a name +## could not be determined. +# +# FailureReportsSentBy USER@HOSTNAME + +## HistoryFile path +## default (none) +## +## If set, specifies the location of a text file to which records are written +## that can be used to generate DMARC aggregate reports. Records are groups +## of rows containing information about a single received message, and +## include all relevant information needed to generate a DMARC aggregate +## report. It is expected that this will not be used in its raw form, but +## rather periodically imported into a relational database from which the +## aggregate reports can be extracted by a tool such as opendmarc-import(8). +# +# HistoryFile /var/run/opendmarc.dat + +## IgnoreAuthenticatedClients { true | false } +## default "false" +## +## If set, causes mail from authenticated clients (i.e., those that used +## SMTP AUTH) to be ignored by the filter. +# +# IgnoreAuthenticatedClients false + +## IgnoreHosts path +## default (internal) +## +## Specifies the path to a file that contains a list of hostnames, IP +## addresses, and/or CIDR expressions identifying hosts whose SMTP +## connections are to be ignored by the filter. If not specified, defaults +## to "127.0.0.1" only. +# +# IgnoreHosts /etc/opendmarc/ignore.hosts + +## IgnoreMailFrom domain[,...] +## default (none) +## +## Gives a list of domain names whose mail (based on the From: domain) is to +## be ignored by the filter. The list should be comma-separated. Matching +## against this list is case-insensitive. The default is an empty list, +## meaning no mail is ignored. +# +# IgnoreMailFrom example.com + +## MilterDebug (integer) +## default 0 +## +## Sets the debug level to be requested from the milter library. +# +# MilterDebug 0 + +## PidFile path +## default (none) +## +## Specifies the path to a file that should be created at process start +## containing the process ID. +# +# PidFile /var/run/opendmarc.pid + +## PublicSuffixList path +## default (none) +## +## Specifies the path to a file that contains top-level domains (TLDs) that +## will be used to compute the Organizational Domain for a given domain name, +## as described in the DMARC specification. If not provided, the filter will +## not be able to determine the Organizational Domain and only the presented +## domain will be evaluated. +# +# PublicSuffixList path + +## RecordAllMessages { true | false } +## default "false" +## +## If set and "HistoryFile" is in use, all received messages are recorded +## to the history file. If not set (the default), only messages for which +## the From: domain published a DMARC record will be recorded in the +## history file. +# +# RecordAllMessages false + +## RejectFailures { true | false } +## default "false" +## +## If set, messages will be rejected if they fail the DMARC evaluation, or +## temp-failed if evaluation could not be completed. By default, no message +## will be rejected or temp-failed regardless of the outcome of the DMARC +## evaluation of the message. Instead, an Authentication-Results header +## field will be added. +# +# RejectFailures false + +## ReportCommand string +## default "/usr/sbin/sendmail -t" +## +## Indicates the shell command to which failure reports should be passed for +## delivery when "FailureReports" is enabled. +# +# ReportCommand /usr/sbin/sendmail -t + +## RequiredHeaders { true | false } +## default "false" +## +## If set, the filter will ensure the header of the message conforms to the +## basic header field count restrictions laid out in RFC5322, Section 3.6. +## Messages failing this test are rejected without further processing. A +## From: field from which no domain name could be extracted will also be +## rejected. +# +# RequiredHeaders false + +## Socket socketspec +## default (none) +## +## Specifies the socket that should be established by the filter to receive +## connections from sendmail(8) in order to provide service. socketspec is +## in one of two forms: local:path, which creates a UNIX domain socket at +## the specified path, or inet:port[@host] or inet6:port[@host] which creates +## a TCP socket on the specified port for the appropriate protocol family. +## If the host is not given as either a hostname or an IP address, the +## socket will be listening on all interfaces. This option is mandatory +## either in the configuration file or on the command line. If an IP +## address is used, it must be enclosed in square brackets. +# +# Socket inet:8893@localhost +Socket unix:/var/spool/opendmarc/opendmarc.sock + +## SoftwareHeader { true | false } +## default "false" +## +## Causes the filter to add a "DMARC-Filter" header field indicating the +## presence of this filter in the path of the message from injection to +## delivery. The product's name, version, and the job ID are included in +## the header field's contents. +# +# SoftwareHeader false + +## SPFIgnoreResults { true | false } +## default "false" +## +## Causes the filter to ignore any SPF results in the header of the +## message. This is useful if you want the filter to perfrom SPF checks +## itself, or because you don't trust the arriving header. +# +# SPFIgnoreResults false + +## SPFSelfValidate { true | false } +## default false +## +## Enable internal spf checking with --with-spf +## To use libspf2 instead: --with-spf --with-spf2-include=path --with-spf2-lib=path +## +## Causes the filter to perform a fallback SPF check itself when +## it can find no SPF results in the message header. If SPFIgnoreResults +## is also set, it never looks for SPF results in headers and +## always performs the SPF check itself when this is set. +# +# SPFSelfValidate false + +## Syslog { true | false } +## default "false" +## +## Log via calls to syslog(3) any interesting activity. +# +# Syslog false + +## SyslogFacility facility-name +## default "mail" +## +## Log via calls to syslog(3) using the named facility. The facility names +## are the same as the ones allowed in syslog.conf(5). +# +# SyslogFacility mail + +## TrustedAuthservIDs string +## default HOSTNAME +## +## Specifies one or more "authserv-id" values to trust as relaying true +## upstream DKIM and SPF results. The default is to use the name of +## the MTA processing the message. To specify a list, separate each entry +## with a comma. The key word "HOSTNAME" will be replaced by the name of +## the host running the filter as reported by the gethostname(3) function. +# +# TrustedAuthservIDs HOSTNAME + +## UMask mask +## default (none) +## +## Requests a specific permissions mask to be used for file creation. This +## only really applies to creation of the socket when Socket specifies a +## UNIX domain socket, and to the HistoryFile and PidFile (if any); temporary +## files are normally created by the mkstemp(3) function that enforces a +## specific file mode on creation regardless of the process umask. See +## umask(2) for more information. +# +# UMask 077 +UMask 002 + +## UserID user[:group] +## default (none) +## +## Attempts to become the specified userid before starting operations. +## The process will be assigned all of the groups and primary group ID of +## the named userid unless an alternate group is specified. +# +# UserID opendmarc +# ATTENTION: user and group are enforced throug the systemd service file Deleted: community-i686/opendmarc.install =================================================================== --- community-i686/opendmarc.install 2017-06-05 20:40:02 UTC (rev 234421) +++ community-i686/opendmarc.install 2017-06-05 20:41:33 UTC (rev 234422) @@ -1,24 +0,0 @@ -_config_instructions() { - echo "==> The opendmarc user has been created." - echo " It is recommended to run the daemon under this user." - echo " A sample configuration file has been instaled at" - echo " /etc/opendmarc/opendmarc.conf.sample" -} - -post_install() { - getent passwd opendmarc >/dev/null || \ - useradd --system -g mail -s /usr/bin/nologin -d /etc/opendmarc opendmarc - if [ ! -e /etc/opendmarc/opendmarc.conf ]; then - _config_instructions - fi -} - -post_upgrade() { - post_install -} - -post_remove(){ - if getent passwd opendmarc >/dev/null 2>&1; then - userdel opendmarc - fi -} Copied: opendmarc/repos/community-i686/opendmarc.install (from rev 234421, opendmarc/trunk/opendmarc.install) =================================================================== --- community-i686/opendmarc.install (rev 0) +++ community-i686/opendmarc.install 2017-06-05 20:41:33 UTC (rev 234422) @@ -0,0 +1,8 @@ +post_install() { + getent passwd opendmarc >/dev/null || \ + useradd --system -g mail -s /usr/bin/nologin -d /etc/opendmarc opendmarc +} + +post_upgrade() { + post_install +} Deleted: community-i686/opendmarc.service =================================================================== --- community-i686/opendmarc.service 2017-06-05 20:40:02 UTC (rev 234421) +++ community-i686/opendmarc.service 2017-06-05 20:41:33 UTC (rev 234422) @@ -1,11 +0,0 @@ -[Unit] -Description=OpenDMARC -After=network.target remote-fs.target nss-lookup.target - -[Service] -Type=forking -ExecStart=/usr/bin/opendmarc -c /etc/opendmarc/opendmarc.conf -Restart=always - -[Install] -WantedBy=multi-user.target Copied: opendmarc/repos/community-i686/opendmarc.service (from rev 234421, opendmarc/trunk/opendmarc.service) =================================================================== --- community-i686/opendmarc.service (rev 0) +++ community-i686/opendmarc.service 2017-06-05 20:41:33 UTC (rev 234422) @@ -0,0 +1,13 @@ +[Unit] +Description=OpenDMARC +After=network.target remote-fs.target nss-lookup.target + +[Service] +Type=forking +User=opendmarc +Group=mail +ExecStart=/usr/bin/opendmarc -c /etc/opendmarc/opendmarc.conf +Restart=always + +[Install] +WantedBy=multi-user.target Deleted: community-x86_64/PKGBUILD =================================================================== --- community-x86_64/PKGBUILD 2017-06-05 20:40:02 UTC (rev 234421) +++ community-x86_64/PKGBUILD 2017-06-05 20:41:33 UTC (rev 234422) @@ -1,54 +0,0 @@ -# $Id$ -# Maintainer: Sergej Pupykin <arch+...@sergej.pp.ru> -# Orginal Maintainer: Arthur Țițeică arthur.titeica/gmail/com -# Current Maintainer: Hao Zhang <theivorytower [at] gmail [dot] com> - -pkgname=opendmarc -pkgver=1.3.2 -pkgrel=1 -pkgdesc="Free open source software implementation of the DMARC specification" -arch=('i686' 'x86_64') -url="http://www.trusteddomain.org/opendmarc/" -license=('custom') -depends=('smtp-server') -makedepends=('libmilter') -optdepends=('opendbx: acts as a middleware layer between OpenDMARC and a SQL backend of choice' - 'python: run opendmarc scripts at /usr/share/doc/opendmarc' - 'perl: run opendmarc scripts at /usr/share/doc/opendmarc' - 'perl-switch: generate DMARC reports' - 'perl-dbd-mysql: generate DMARC reports' - 'perl-libwww: generate DMARC reports') -install=$pkgname.install -backup=(etc/opendmarc/opendmarc.conf) -source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname-$pkgver.tar.gz #{,.asc} - opendmarc.service) -sha256sums=('213c4b01a9ff5dcdf331f7bd1dd6a382077abbf8ee9111852f2101ec917c2ffb' - 'dc16a2bb66df7473a0288fc0c33db731922ff2ea9fdcd59d86da8dc908ca4a14') - -build() { - export LDFLAGS="${LDFLAGS//,--as-needed}" - cd "$srcdir/$pkgname-$pkgver" - ./configure --prefix=/usr \ - --bindir=/usr/bin \ - --sbindir=/usr/bin \ - --sysconfdir=/etc/$pkgname \ - --with-spf - make -} - -check() { - cd "$srcdir/$pkgname-$pkgver" - make -k check -} - -package() { - cd "$srcdir/$pkgname-$pkgver" - make DESTDIR="$pkgdir/" install - # sample config - install -D -m644 "$srcdir"/$pkgname-$pkgver/$pkgname/opendmarc.conf.sample "$pkgdir"/etc/$pkgname/opendmarc.conf.sample - # License - install -D -m644 "$srcdir"/$pkgname-$pkgver/LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE - rm "$pkgdir"/usr/share/doc/$pkgname/LICENSE - # systemd service - install -D -m644 "$srcdir/$pkgname.service" "${pkgdir}/usr/lib/systemd/system/$pkgname.service" -} Copied: opendmarc/repos/community-x86_64/PKGBUILD (from rev 234421, opendmarc/trunk/PKGBUILD) =================================================================== --- community-x86_64/PKGBUILD (rev 0) +++ community-x86_64/PKGBUILD 2017-06-05 20:41:33 UTC (rev 234422) @@ -0,0 +1,59 @@ +# Maintainer: Thore Bödecker <fox...@archlinux.org> +# Contributor: Sergej Pupykin <arch+...@sergej.pp.ru> +# Contributor: Arthur Țițeică arthur.titeica/gmail/com +# Contributor: Hao Zhang <theivorytower [at] gmail [dot] com> + +pkgname=opendmarc +pkgver=1.3.2 +pkgrel=2 +pkgdesc="Free open source software implementation of the DMARC specification" +arch=('i686' 'x86_64') +url="http://www.trusteddomain.org/opendmarc/" +license=('custom') +depends=('smtp-server' 'libspf2' 'libbsd' 'libidn') +makedepends=('libmilter') +optdepends=('opendbx: acts as a middleware layer between OpenDMARC and a SQL backend of choice' + 'python: run opendmarc scripts at /usr/share/doc/opendmarc' + 'perl: run opendmarc scripts at /usr/share/doc/opendmarc' + 'perl-switch: generate DMARC reports' + 'perl-dbd-mysql: generate DMARC reports' + 'perl-libwww: generate DMARC reports') +install=${pkgname}.install +backup=('etc/opendmarc/opendmarc.conf') +# unfortunately the gpg key used for signing (2D55C45B89CFFD42) is not public +source=("https://downloads.sourceforge.net/project/${pkgname}/${pkgname}-${pkgver}.tar.gz" #{,.asc} + 'opendmarc.service' + 'opendmarc.conf') +sha512sums=('6045fb7d2be8f0ffdeca07324857d92908a41c6792749017c2fcc1058f05f55317b1919c67c780827dd7094ec8fff2e1fa4aeb5bab7ff7461537957af2652748' + '738de0cd286dd30713f32034f9ecf9009b6f64038c573c9f8aedaf10df8293bb9eec9d19492a03a2ebf2d2960289bdf48be9b1eb25395dbe9a490f7e3b25cb34' + 'a55540cca6f968072ce8ddb9e53ce226300f2bbf730e7affe775a3ea96fad2cf438c88bc9f96c0de352dfb217eb82e7b4fc1ab05666ac6fd063b434cd335bc54') + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + export LDFLAGS="${LDFLAGS//,--as-needed}" + ./configure --prefix=/usr \ + --bindir=/usr/bin \ + --sbindir=/usr/bin \ + --sysconfdir="/etc/${pkgname}" \ + --with-spf \ + --with-spf2-include=/usr/include/spf2 \ + --with-spf2-lib=/usr/lib/ + make +} + +check() { + cd "${srcdir}/${pkgname}-${pkgver}" + make -k check +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}/" install + # config + install -D -m644 "${srcdir}/opendmarc.conf" "${pkgdir}/etc/${pkgname}/opendmarc.conf" + # License + install -D -m644 "${srcdir}/${pkgname}-${pkgver}/LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" + rm "${pkgdir}/usr/share/doc/${pkgname}/LICENSE" + # systemd service + install -D -m644 "${srcdir}/${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service" +} Copied: opendmarc/repos/community-x86_64/opendmarc.conf (from rev 234421, opendmarc/trunk/opendmarc.conf) =================================================================== --- community-x86_64/opendmarc.conf (rev 0) +++ community-x86_64/opendmarc.conf 2017-06-05 20:41:33 UTC (rev 234422) @@ -0,0 +1,370 @@ +## opendmarc.conf -- configuration file for OpenDMARC filter +## +## Copyright (c) 2012-2015, The Trusted Domain Project. All rights reserved. + +## DEPRECATED CONFIGURATION OPTIONS +## +## The following configuration options are no longer valid. They should be +## removed from your existing configuration file to prevent potential issues. +## Failure to do so may result in opendmarc being unable to start. +## +## Renamed in 1.3.0: +## ForensicReports became FailureReports +## ForensicReportsBcc became FailureReportsBcc +## ForensicReportsOnNone became FailureReportsOnNone +## ForensicReportsSentBy became FailureReportsSentBy + +## CONFIGURATION OPTIONS + +## AuthservID (string) +## defaults to MTA name +## +## Sets the "authserv-id" to use when generating the Authentication-Results: +## header field after verifying a message. If the string "HOSTNAME" is +## provided, the name of the host running the filter (as returned by the +## gethostname(3) function) will be used. +# +# AuthservID name +AuthservID HOSTNAME + +## AuthservIDWithJobID { true | false } +## default "false" +## +## If "true", requests that the authserv-id portion of the added +## Authentication-Results header fields contain the job ID of the message +## being evaluated. +# +# AuthservIDWithJobID false + +## AutoRestart { true | false } +## default "false" +## +## Automatically re-start on failures. Use with caution; if the filter fails +## instantly after it starts, this can cause a tight fork(2) loop. +# +# AutoRestart false + +## AutoRestartCount n +## default 0 +## +## Sets the maximum automatic restart count. After this number of automatic +## restarts, the filter will give up and terminate. A value of 0 implies no +## limit. +# +# AutoRestartCount 0 + +## AutoRestartRate n/t[u] +## default (no limit) +## +## Sets the maximum automatic restart rate. If the filter begins restarting +## faster than the rate defined here, it will give up and terminate. This +## is a string of the form n/t[u] where n is an integer limiting the count +## of restarts in the given interval and t[u] defines the time interval +## through which the rate is calculated; t is an integer and u defines the +## units thus represented ("s" or "S" for seconds, the default; "m" or "M" +## for minutes; "h" or "H" for hours; "d" or "D" for days). For example, a +## value of "10/1h" limits the restarts to 10 in one hour. There is no +## default, meaning restart rate is not limited. +# +# AutoRestartRate n/t[u] + +## Background { true | false } +## default "true" +## +## Causes opendmarc to fork and exits immediately, leaving the service +## running in the background. +# +# Background true + +## BaseDirectory (string) +## default (none) +## +## If set, instructs the filter to change to the specified directory using +## chdir(2) before doing anything else. This means any files referenced +## elsewhere in the configuration file can be specified relative to this +## directory. It's also useful for arranging that any crash dumps will be +## saved to a specific location. +# +# BaseDirectory /var/run/opendmarc + +## ChangeRootDirectory (string) +## default (none) +## +## Requests that the operating system change the effective root directory of +## the process to the one specified here prior to beginning execution. +## chroot(2) requires superuser access. A warning will be generated if +## UserID is not also set. +# +# ChangeRootDirectory /var/chroot/opendmarc + +## CopyFailuresTo (string) +## default (none) +## +## Requests addition of the specified email address to the envelope of +## any message that fails the DMARC evaluation. +# +# CopyFailuresTo postmaster@localhost + +## DNSTimeout (integer) +## default 5 +## +## Sets the DNS timeout in seconds. A value of 0 causes an infinite wait. +## (NOT YET IMPLEMENTED) +# +# DNSTimeout 5 + +## EnableCoredumps { true | false } +## default "false" +## +## On systems that have such support, make an explicit request to the kernel +## to dump cores when the filter crashes for some reason. Some modern UNIX +## systems suppress core dumps during crashes for security reasons if the +## user ID has changed during the lifetime of the process. Currently only +## supported on Linux. +# +# EnableCoreDumps false + +## FailureReports { true | false } +## default "false" +## +## Enables generation of failure reports when the DMARC test fails and the +## purported sender of the message has requested such reports. Reports are +## formatted per RFC6591. +# +# FailureReports false + +## FailureReportsBcc (string) +## default (none) +## +## When failure reports are enabled and one is to be generated, always +## send one to the address(es) specified here. If a failure report is +## requested by the domain owner, the address(es) are added in a Bcc: field. +## If no request is made, they address(es) are used in a To: field. There +## is no default. +# +# FailureReportsBcc postmas...@example.coom + +## FailureReportsOnNone { true | false } +## default "false" +## +## Supplements the "FailureReports" setting by generating reports for +## domains that advertise "none" policies. By default, reports are only +## generated (when enabled) for sending domains advertising a "quarantine" +## or "reject" policy. +# +# FailureReportsOnNone false + +## FailureReportsSentBy string +## default "USER@HOSTNAME" +## +## Specifies the email address to use in the From: field of failure +## reports generated by the filter. The default is to use the userid of +## the user running the filter and the local hostname to construct an +## email address. "postmaster" is used in place of the userid if a name +## could not be determined. +# +# FailureReportsSentBy USER@HOSTNAME + +## HistoryFile path +## default (none) +## +## If set, specifies the location of a text file to which records are written +## that can be used to generate DMARC aggregate reports. Records are groups +## of rows containing information about a single received message, and +## include all relevant information needed to generate a DMARC aggregate +## report. It is expected that this will not be used in its raw form, but +## rather periodically imported into a relational database from which the +## aggregate reports can be extracted by a tool such as opendmarc-import(8). +# +# HistoryFile /var/run/opendmarc.dat + +## IgnoreAuthenticatedClients { true | false } +## default "false" +## +## If set, causes mail from authenticated clients (i.e., those that used +## SMTP AUTH) to be ignored by the filter. +# +# IgnoreAuthenticatedClients false + +## IgnoreHosts path +## default (internal) +## +## Specifies the path to a file that contains a list of hostnames, IP +## addresses, and/or CIDR expressions identifying hosts whose SMTP +## connections are to be ignored by the filter. If not specified, defaults +## to "127.0.0.1" only. +# +# IgnoreHosts /etc/opendmarc/ignore.hosts + +## IgnoreMailFrom domain[,...] +## default (none) +## +## Gives a list of domain names whose mail (based on the From: domain) is to +## be ignored by the filter. The list should be comma-separated. Matching +## against this list is case-insensitive. The default is an empty list, +## meaning no mail is ignored. +# +# IgnoreMailFrom example.com + +## MilterDebug (integer) +## default 0 +## +## Sets the debug level to be requested from the milter library. +# +# MilterDebug 0 + +## PidFile path +## default (none) +## +## Specifies the path to a file that should be created at process start +## containing the process ID. +# +# PidFile /var/run/opendmarc.pid + +## PublicSuffixList path +## default (none) +## +## Specifies the path to a file that contains top-level domains (TLDs) that +## will be used to compute the Organizational Domain for a given domain name, +## as described in the DMARC specification. If not provided, the filter will +## not be able to determine the Organizational Domain and only the presented +## domain will be evaluated. +# +# PublicSuffixList path + +## RecordAllMessages { true | false } +## default "false" +## +## If set and "HistoryFile" is in use, all received messages are recorded +## to the history file. If not set (the default), only messages for which +## the From: domain published a DMARC record will be recorded in the +## history file. +# +# RecordAllMessages false + +## RejectFailures { true | false } +## default "false" +## +## If set, messages will be rejected if they fail the DMARC evaluation, or +## temp-failed if evaluation could not be completed. By default, no message +## will be rejected or temp-failed regardless of the outcome of the DMARC +## evaluation of the message. Instead, an Authentication-Results header +## field will be added. +# +# RejectFailures false + +## ReportCommand string +## default "/usr/sbin/sendmail -t" +## +## Indicates the shell command to which failure reports should be passed for +## delivery when "FailureReports" is enabled. +# +# ReportCommand /usr/sbin/sendmail -t + +## RequiredHeaders { true | false } +## default "false" +## +## If set, the filter will ensure the header of the message conforms to the +## basic header field count restrictions laid out in RFC5322, Section 3.6. +## Messages failing this test are rejected without further processing. A +## From: field from which no domain name could be extracted will also be +## rejected. +# +# RequiredHeaders false + +## Socket socketspec +## default (none) +## +## Specifies the socket that should be established by the filter to receive +## connections from sendmail(8) in order to provide service. socketspec is +## in one of two forms: local:path, which creates a UNIX domain socket at +## the specified path, or inet:port[@host] or inet6:port[@host] which creates +## a TCP socket on the specified port for the appropriate protocol family. +## If the host is not given as either a hostname or an IP address, the +## socket will be listening on all interfaces. This option is mandatory +## either in the configuration file or on the command line. If an IP +## address is used, it must be enclosed in square brackets. +# +# Socket inet:8893@localhost +Socket unix:/var/spool/opendmarc/opendmarc.sock + +## SoftwareHeader { true | false } +## default "false" +## +## Causes the filter to add a "DMARC-Filter" header field indicating the +## presence of this filter in the path of the message from injection to +## delivery. The product's name, version, and the job ID are included in +## the header field's contents. +# +# SoftwareHeader false + +## SPFIgnoreResults { true | false } +## default "false" +## +## Causes the filter to ignore any SPF results in the header of the +## message. This is useful if you want the filter to perfrom SPF checks +## itself, or because you don't trust the arriving header. +# +# SPFIgnoreResults false + +## SPFSelfValidate { true | false } +## default false +## +## Enable internal spf checking with --with-spf +## To use libspf2 instead: --with-spf --with-spf2-include=path --with-spf2-lib=path +## +## Causes the filter to perform a fallback SPF check itself when +## it can find no SPF results in the message header. If SPFIgnoreResults +## is also set, it never looks for SPF results in headers and +## always performs the SPF check itself when this is set. +# +# SPFSelfValidate false + +## Syslog { true | false } +## default "false" +## +## Log via calls to syslog(3) any interesting activity. +# +# Syslog false + +## SyslogFacility facility-name +## default "mail" +## +## Log via calls to syslog(3) using the named facility. The facility names +## are the same as the ones allowed in syslog.conf(5). +# +# SyslogFacility mail + +## TrustedAuthservIDs string +## default HOSTNAME +## +## Specifies one or more "authserv-id" values to trust as relaying true +## upstream DKIM and SPF results. The default is to use the name of +## the MTA processing the message. To specify a list, separate each entry +## with a comma. The key word "HOSTNAME" will be replaced by the name of +## the host running the filter as reported by the gethostname(3) function. +# +# TrustedAuthservIDs HOSTNAME + +## UMask mask +## default (none) +## +## Requests a specific permissions mask to be used for file creation. This +## only really applies to creation of the socket when Socket specifies a +## UNIX domain socket, and to the HistoryFile and PidFile (if any); temporary +## files are normally created by the mkstemp(3) function that enforces a +## specific file mode on creation regardless of the process umask. See +## umask(2) for more information. +# +# UMask 077 +UMask 002 + +## UserID user[:group] +## default (none) +## +## Attempts to become the specified userid before starting operations. +## The process will be assigned all of the groups and primary group ID of +## the named userid unless an alternate group is specified. +# +# UserID opendmarc +# ATTENTION: user and group are enforced throug the systemd service file Deleted: community-x86_64/opendmarc.install =================================================================== --- community-x86_64/opendmarc.install 2017-06-05 20:40:02 UTC (rev 234421) +++ community-x86_64/opendmarc.install 2017-06-05 20:41:33 UTC (rev 234422) @@ -1,24 +0,0 @@ -_config_instructions() { - echo "==> The opendmarc user has been created." - echo " It is recommended to run the daemon under this user." - echo " A sample configuration file has been instaled at" - echo " /etc/opendmarc/opendmarc.conf.sample" -} - -post_install() { - getent passwd opendmarc >/dev/null || \ - useradd --system -g mail -s /usr/bin/nologin -d /etc/opendmarc opendmarc - if [ ! -e /etc/opendmarc/opendmarc.conf ]; then - _config_instructions - fi -} - -post_upgrade() { - post_install -} - -post_remove(){ - if getent passwd opendmarc >/dev/null 2>&1; then - userdel opendmarc - fi -} Copied: opendmarc/repos/community-x86_64/opendmarc.install (from rev 234421, opendmarc/trunk/opendmarc.install) =================================================================== --- community-x86_64/opendmarc.install (rev 0) +++ community-x86_64/opendmarc.install 2017-06-05 20:41:33 UTC (rev 234422) @@ -0,0 +1,8 @@ +post_install() { + getent passwd opendmarc >/dev/null || \ + useradd --system -g mail -s /usr/bin/nologin -d /etc/opendmarc opendmarc +} + +post_upgrade() { + post_install +} Deleted: community-x86_64/opendmarc.service =================================================================== --- community-x86_64/opendmarc.service 2017-06-05 20:40:02 UTC (rev 234421) +++ community-x86_64/opendmarc.service 2017-06-05 20:41:33 UTC (rev 234422) @@ -1,11 +0,0 @@ -[Unit] -Description=OpenDMARC -After=network.target remote-fs.target nss-lookup.target - -[Service] -Type=forking -ExecStart=/usr/bin/opendmarc -c /etc/opendmarc/opendmarc.conf -Restart=always - -[Install] -WantedBy=multi-user.target Copied: opendmarc/repos/community-x86_64/opendmarc.service (from rev 234421, opendmarc/trunk/opendmarc.service) =================================================================== --- community-x86_64/opendmarc.service (rev 0) +++ community-x86_64/opendmarc.service 2017-06-05 20:41:33 UTC (rev 234422) @@ -0,0 +1,13 @@ +[Unit] +Description=OpenDMARC +After=network.target remote-fs.target nss-lookup.target + +[Service] +Type=forking +User=opendmarc +Group=mail +ExecStart=/usr/bin/opendmarc -c /etc/opendmarc/opendmarc.conf +Restart=always + +[Install] +WantedBy=multi-user.target